i’ll discuss risk, the escalating threats we’re ... · 1 i’ll discuss risk, the escalating...
TRANSCRIPT
1
I’ll discuss RISK, the escalating threats we’re experiencing, daily, that have led to the changes in AS9100. Next, I’ll review the importance and challenges of the new AS9100C requirements which when properly implemented can fortress our country’s technology and defense systems.
In August 2011, our technology and risks are evolving rapidly.Concerns - infiltration of our deepest defenses:
Everyday, counterfeit parts are revealed, embedded in our war vehicles and defense systems.• Our US Government Accountability Office (GAO) in a related preliminary study
revealed that fake and defective parts have adversely impacted 40 percent of our DOD’s supply chain.
• Suspect parts embedded in our missiles, rifles and vehicles, most of which appear to have originated from China. (Source: dailyTECH, Jason Mick (Blog) - June 17, 2011 2:00 PM)
In addition to these national issues, we are dealing with escalating threats disrupting our daily lives and handling of our personal investments. In June of this year, Reuters published an account of a Cyber attack in which 360,000 North American CITIgroup cardholders had their accounts breached.
• Today, hackers are seeking backdoors to the some of our nations most critical data. In May, Information Week reported that Lockheed Martin had suffered a ―massive cyber attack. ―
• Occurred on a SecureID system previously considered to be virtually ― unhackable.‖ • The attack on Lockheed Martin’s data systems was targeted toward Trident
missiles, the f-22 fighter and our DOD’s network of satellites. • Fortunately, Lockheed's swift detection of the attack enabled them to avert potential
disaster.
• (Source: Mathew J. Schwartz, Information Week – May 21, 2011)
• Note program costs & deficits re: Tanker, Marine Expeditionary Fighting Vehicle (EFV) – cancelled due to cost and schedule
I’ve just shared with you a few examples of the escalating attacks we are facing as Americans, today. These risks are disrupting our daily lives and stressing our national security. What does this mean to the evolution of our technology, systems and to unmanned vehicles in the US? Specifically, to the unmanned marketplace that hopes to attain access, at some point, to civilian airspace? And finally, how does the threat of these increasing attacks, impact the evolution of our nation’s mission critical manufacturing
systems?
2
In 2011, it’s time to institute strong measures –
To make a preemptive strike.
There couldn’t be a better time to expand the tough regulations inherent in
AS9100, beyond the boundaries of aerospace to defense overall.
This new requirement is termed AS9100C.
As one would expect these new certifications are deep and will be tough to
implement in manufacturing.
To understand how that can be done, first you need to understand our issues in
dealing with risk.
Then we can review how product can be buildable within these requirements.
3
4 common errors in risk perception
•Exaggerate rare risks – flying versus driving
•Unknown - riskier than the familiar – but we make errors in the familiar
because we get lazy
•Personified risks – tin whiskers has a name, but it takes time to become a
problem (the service life of a product may not be long enough for tin whiskers to
become an operational risk)
•Underestimate risks we control, overestimate risks we cannot control – ―we’ve
done it this way before and it worked just fine‖
These relate to product development, manufacturing, and final product use
4
This is a metaphor for the development of many products and systemsIncomplete planning and lack of a direct view of the risks results in products not meeting deadlines or not working properly
5
Just as there has been a revolution in manufacturing operations (e.g., lean),
there is now a:
A REVOLUTION IN RISK
The rise of AS9100C addresses risk in:
Design, Purchasing, Parts and Assembly
Let’s look at risk, specifically:
MANUFACTURING RISK
Is the product Buildable?
Will components meet design parameters?
Are components currently available?
Counterfeit risk?
Will product survive in the field?
Does the product fit the manufacturer capabilities?
Is the customer capable of investing in a relationship that results in a positive
outcome?
WHY THE MOVE FROM AS100B TO C?
Due to the need to expand the focus of risk management beyond Aerospace to
Defense
-------------------------------------------------
6
AS9100C PROVIDES FOR THE:
•assignment of responsibilities for risk management
•The definition of risk criteria (e.g., likelihood, consequences, risk acceptance),
•identification, assessment and communication of risks throughout product
•realization
•identification, implementation and management of actions to mitigate risks
•that exceed defined risk acceptance criteria, and
•acceptance of risks remaining after implementation of mitigating actions.
--Risk: Defining a Manufacturing Process
Earlier we spoke about Benjamin Franklin’s quote which draws attention to the
importance of critical details at the finite level
(such as the enemy slaying a rider all for the want of a horseshoe nail).
Parallels can be drawn to the loss of troops from a plane crash due to a bad
component on a Printed circuit board failing the plane’s controls.
Like a nail on a shoe – AS9100 returns attention to each level of importance.
7
Next it’s important to assess organizational maturity related to handling risks
and implementing effective management processes aligned with AS9100C
guidelines as shown here for:
(SCREEN 1) Organizational processes
(SCREEN 2) The drivers of processes, the organization’s culture, awareness,
training and delegation of responsibility
(SCREEN 3) Tools data and process metrics defined and implemented to
handle risk
(Source: http://as9100store.com/downloads/Risk_Management_Awareness-
IAQG.ppt
- Supply Chain Management Handbook – International Aerospace Quality Group)
8
Managing processes and product development within the new AS9100C rules
can require an intensive implementation and ongoing project maintenance plan.
Yet instituting a strong risk prevention system is key in keeping our country
safe.
Implementing AS9100C risk management for product manufacturing includes:
(SCREEN 1) assessing risk factors such as those shown in Table 2 regarding
“Product risk tables for guidance,”
(SCREEN 2) Next potential cause, impacts and action plans must be
recorded in a risk register,
(SCREEN 3) Product risk assessments and their risk levels need to be
classified, recorded and given a score as to severity
RAG = Risk Assessment Guidelines
(Source: http://as9100store.com/downloads/Risk_Management_Awareness-
IAQG.ppt -Supply Chain Management Handbook – International Aerospace Quality Group)
9
What we’d like to do is give you an example of how Axiom as a Provider
of Electronics Manufacturing Services has implemented Risk
Management:
We needed to access risks related to a new product Introduction from the
initial quote through procurement to the final board assembly, including--
Processing
Documentation
Tooling
Stencils
Machine Programming
Fixtures
10
•Finally, what are the elements of an effective risk management program?
Axiom’s Risk Management Program Purpose is…
•To identify risks
•To understand likelihood of risks
•the consequences of risks
•To reduce the impact of risks
•Reduce occurrences of risks,
•Manage identified risks, and
•Prevent negative business consequences
•while maximizing customer satisfaction
At Axiom, to ensure that these processes were being followed
consistently,
we studied how we could build all of the related complex requirements
into our internal systems –
to make them a seamless part of what we do everyday.
(Source: http://as9100store.com/downloads/Risk_Management_Awareness-
IAQG.ppt - Supply Chain Management Handbook – International Aerospace Quality Group)
11
First we needed to define the typical risk categories at Axiom, which include
what you see here, and next to implement a system that would be designed to
flag potential issues.
12
We also looked to the experts for examples of the risks that we would most
likely encounter.
13
At Axiom, we then complied what we learned about AS9100C risk management
requirements and designed them into our systems,
beginning with the quote process.
We needed to identify risks inherent in quotes, so that we’d have a clear
understanding of potential issues before we accepted an order.
The Quote Team compiles a list of potential Risks and compiles them in our
Quote Module related to:
•RFP/RFQ Data, SOW, Project Data,
•Prescribed Subs, Suppliers, Customer Histories,
•Technology/Production/Quality Experience etc.
14
Axiom Electronics developed Proprietary tools enabling our Program
Managers to effectively manage Customer’s products and meet required
delivery dates.
Axiom’s Project Manager tool lays out the foundation for an effective time
line from start to finish based on each support group’s requirements.
After the Customer’s PO is received, Axiom’s Project Team compiles a list of
potential Risks, and captures Identified Risk inherent in the Project
Requirements.
Risk Sources can be from the:
•Quote Module, SOW, Project Data, Prescribed Subs
•Suppliers, Customer Histories, Technology/Production/Quality,
etc.
Each risk is identified, assessed for it’s potential impact and likelihood of
occurrence.
At Axiom we use the Red, yellow, green warning system for risk severity, which
you will view in the next slides.
You can see here in the risk tab that 3 Risks were identified and assessed.
16
Next Axiom’s system ensures that a risk is provided with a severity score, which you see
here has been automatically calculated to be 256 – which is quite high, and turns the Risk
Severity Tab red.
Axiom Employees are then prompted to take action and respond to the risk in one of the
following ways via:
•Acceptance - The project manager and team decide to accept certain risks.
•Avoidance - The team changes the project plan to eliminate the risk or to protect
the project objectives from its impact.
•Mitigation - The team seeks to reduce the probability or consequences of a risk
event to an acceptable threshold.
•Transference - The team transfers the risk by subcontracting out some aspect of
the work (e.g.: Conformal Coating, Environmental Stress Screening, etc
A Risk Mitigation Plan per AS9100C is then put in place which includes the
parameters you see here.
18
In working with Axiom, our customers can be assured that we are properly
assessing risks related to their projects and responding in the most efficient
manner possible.
Axiom’s internal systems provide clear indicators as to:
1. Project Risks (the wider the red bar, the higher the risk) - the size of the red
bar reflects the sum of all identified Risks Scores.
2. The potential to “View Current Program Risk” - the Program Risk Button
gives access to the Real Time Project Risk Status Screen.
3. Department Risk Mitigation Status - accessing each of the Department
Activity screens provides a mitigation status of Risks that departments such as
Test, Engineering and Quality have identified.
4. Requirements Risk Identification and Tracking – the Requirements Button
provides access to the Requirements Risk Identification, Tracking and
Management Screen.
5. Risk Management Activities Status Report - accessing the Reports Button
provides access to the Reports system allowing the Risk Identification and
Mitigation Status Report to be created
The Risk Assessment Screen lists all dynamically identified risks for the
project and a summation of those as the overall project risk assessment score.
Standard reports assist with the tracking and monitoring of identified
risks. Dynamic Risks Report, Requirements Risks Report by PID (Project ID),
All Unmitigated High Requirement Risks and other reports available on an as
needed basis
19
Finally the status of Risk Mitigation plans can be viewed and mitigated for each
department, ensuring that the required steps are followed and handled
efficiently.
20
AS9100C enabling projects to be completed to task and on time, and most importantly keeping our War Fighters Alive.
22
Axiom will be presenting two Press Talks and two Booth Talks at AUVSI that you see listed here. These presentations will also be available from Axiom’s website at the link you see on the lower portion of this slide.
25
The financial crisis has reminded us of the valuable lesson that risks gone bad in one part of the economy can set off chain reactions in areas that may seem completely unrelated.
In fact, risk managers and other executives fail to anticipate the effects, both negative and positive, of events that occur routinely throughout the business cycle.
Their impact can be substantial—often, much more substantial than it seems initially.
26
―Yet in 2000, when a lightning strike from such a storm set off a fire at a microchip plant in New Mexico, it damaged millions of chips slated for use in mobile phones from a number of manufacturers. Some of them quickly shifted their sourcing to different US and Japanese suppliers, but others couldn’t and lost hundreds of millions of dollars in sales.‖ --McKinsey Quarterly-Risk Practice, Eric Lamarre and Martin Pergler. October 2009
•A lightning strike and fire
•Millions of chips are damaged at a microchip plant in New Mexico
•Mobile phone manufacturers with no alternate chip source
LOSS = hundreds of millions of dollars in sales.
27
Dynamic Risk Indicator:
•Sums all Identified Risk Scores (<=256)
•Calculated each time PID is accessed
•Program Risk Button shows Detail
•PM Responsible for monitoring and taking
•action if deemed appropriate
Axiom system contains a process to handle and fully calculate the cost of
ECOs.
The related project risks are then handled in the risk modules that were viewed
in the first portion of the presentation.
Robert Toppel holds a Bachelor's degree in Physics from the University
of Colorado at Denver.
Currently he is the President of Axiom Electronics and joined Axiom in
1991. Formerly, Robert served as the Engineering Manager of The
Tektronix Logic Analyzer Division. He co-founded Breeze Test
Instruments
Contact Information for the presenting organization: Axiom Electronics
LLC
Also for Axiom’s partner, North Shore Components